-
Notifications
You must be signed in to change notification settings - Fork 2
Python Environment mis config pkg resources [Security Warning]
Date: April 21st, 2016
Error:
message: /usr/lib/python2.7/dist-packages/pkg_resources.py:1031: UserWarning: /home/test/.python-eggs is writable by group/others and vulnerable to attack when used with get_resource_filename. Consider a more secure location (set with .set_extraction_path or the PYTHON_EGG_CACHE environment variable).
warnings.warn(msg, UserWarning)
The Where - Environments that exhibit symptom: For all: 64-bit
| Distribution | Status |
|---|---|
| Ubuntu-14.04.4 LTS | ❗ |
| Ubuntu-15.10 | 👍 |
| Debian 8.4 "Jessie" | 👍 |
| Fedora 23 Workstation | 👍 |
Todo: Check on Ubuntu 12LTS
The What This seems to be more of a Python environment configuration on a Linux distribution, The Why It is raised due to the dependency of pfpgen on external files [not .py such as Templates,etc] that python can't place in dist-packages due to compliance with packaging rules;
The error is raised because users under group/others have write permission to the .python-eggs in that user's home dir, which makes sense and by default for system users under group/others should not have permission to.
The Fix
Possible fixes that the user can apply is
chmod g-wx,o-wx ~/.python-eggs
We can suppress this warning, but its the kind that we should not I think.
[Refs: https://github.com/GNS3/gns3-server/issues/24]